Export limit exceeded: 43799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26370 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-02-23 | N/A |
| WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2026-2486 | 2 Litonice13, Wordpress | 2 Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations, Wordpress | 2026-02-23 | 6.4 Medium |
| The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-50452 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3. | ||||
| CVE-2024-50555 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0. | ||||
| CVE-2024-51915 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2. | ||||
| CVE-2024-52387 | 2 Liton Arefin, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4. | ||||
| CVE-2024-56208 | 2 Desertthemes, Wordpress | 2 Newsmash, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71. | ||||
| CVE-2025-60183 | 2 Silence, Wordpress | 2 Silencesoft Rss Reader, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6. | ||||
| CVE-2025-69011 | 2 Wordpress, Wpkube | 2 Wordpress, Cool Tag Cloud | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/a through <= 2.29. | ||||
| CVE-2026-24948 | 2 Fox-themes, Wordpress | 2 Reflector, Wordpress | 2026-02-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through <= 1.2.2. | ||||
| CVE-2026-24955 | 2 Fox-themes, Wordpress | 2 Whizz Plugins, Wordpress | 2026-02-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS.This issue affects Whizz Plugins: from n/a through <= 1.9. | ||||
| CVE-2026-27502 | 2 Radioinorr, Sa2blv | 2 Svxportal, Svxportal | 2026-02-23 | 6.1 Medium |
| SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser if the victim visits a crafted URL. This can be used to steal session data, perform actions as the victim, or modify displayed content. | ||||
| CVE-2026-27503 | 2 Radioinorr, Sa2blv | 2 Svxportal, Svxportal | 2026-02-23 | 6.1 Medium |
| SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing attacker-supplied JavaScript to execute in the administrator's browser. This can enable session theft, administrative action forgery, or other browser-based compromise in the context of an admin user. | ||||
| CVE-2026-27504 | 2 Radioinorr, Sa2blv | 2 Svxportal, Svxportal | 2026-02-23 | 6.1 Medium |
| SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowing attacker-supplied script injection and execution in the administrator's browser. This can be used to compromise admin sessions or perform unauthorized actions via the administrator's authenticated context. | ||||
| CVE-2026-27505 | 2 Radioinorr, Sa2blv | 2 Svxportal, Svxportal | 2026-02-23 | 6.1 Medium |
| SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and are later rendered in the administrator interface (admin/users.php), allowing an unauthenticated remote attacker to inject arbitrary JavaScript that executes in an administrator's browser upon viewing the affected page. | ||||
| CVE-2026-27506 | 2 Radioinorr, Sa2blv | 2 Svxportal, Svxportal | 2026-02-23 | 6.1 Medium |
| SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and image_url, which are later rendered without adequate output encoding in the administrator interface (admin/users.php), resulting in JavaScript execution in an administrator's browser when the affected page is viewed. | ||||
| CVE-2025-67304 | 1 Commscope | 1 Ruckus Network Director | 2026-02-23 | 9.8 Critical |
| In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands. | ||||
| CVE-2022-40011 | 1 Typora | 1 Typora | 2026-02-23 | 6.1 Medium |
| Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin. | ||||
| CVE-2025-68461 | 1 Roundcube | 1 Webmail | 2026-02-23 | 7.2 High |
| Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. | ||||
| CVE-2021-41810 | 1 M-files | 1 Server | 2026-02-23 | 5.2 Medium |
| Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | ||||